Andrew Raynes, Director of Digital and Chief Information Officer at Royal Papworth Hospital NHS Foundation Trust, explores how augmented email has transformed communications for patients and clinicians across the entire healthcare journey
Email has long been heralded as a cornerstone of communication in the NHS and in healthcare systems worldwide. In an environment where time is critical, it is one of the most effective ways for clinicians and patients to share information and build trust. However, the increasing adoption of Artificial Intelligence (AI), coupled with the demand for more productivity, means we need to find ways to enhance this channel of communication, without causing disruption in the healthcare journey.
Understanding the security challenge
While the rate of change in email clients has been slower than in other digital services, patients and clinicians still rely on it as a convenient, instant, and efficient means of communication, enabling better patient care and healthcare management. However, the widespread use of email brings with it numerous security challenges.
The NHS is responsible for vast amounts of sensitive patient data, including medical records, treatment plans, and personal identifiable information (PII). Email is frequently used to share this information, both within the service and to external parties which means robust security is essential to safeguard patient confidentiality. However, the unfortunate truth is that data breaches do happen, and they can have serious consequences, including legal ramifications, fines, damage to patient trust and unwanted media coverage.
Cyberattacks are a constant threat to healthcare organisations. Last year, NHS supplier Advanced was targeted in a ransomware attack which took seven major health systems, including software used for patient check-ins, medical notes and the NHS 111 service, offline. In a similar incident involving another software company, several UK ambulance services were forced to rely on paper after their patient record system was forced offline. Ultimately it is not a question of if a breach happens, but when.
It isn’t just the bad guys keeping IT teams up at night. In fact, research shows that human error is the leading cause of data loss events. According to a study conducted by Zivver, one fifth of healthcare professionals (20%) admit to sharing sensitive information via regular email that they shouldn’t have.
While there is little we can do on the clinical side to stop offensive cyberattacks, there is a role for everyone when it comes to minimising data leaks through human error. That comes down to being smarter about how we communicate.
The benefits of augmented email for the NHS
NHS patients need to trust that their personal information is safe when sent through email, which is why security practices help maintain trust in the patient-clinician relationship. However, like all digital transformation projects, we must balance the need for future-proofed services with robust cybersecurity. So how can we make improvements while ensuring security is a top priority? For me, it all comes down to augmented solutions.
Email clients in their most basic form can be limited in terms of functionality and security. For example, they often restrict file sharing based on size, which reduces the amount of information a clinician or a patient can share causing delays or knowledge gaps. They also lack advanced security functions such as data encryption or multi-factor authentication, and the recall function only adds intrigue: as they say, nothing forces someone to open an email more than a recall notice.
Often these limitations force people to use third-party providers, which may carry greater risk as we add unnecessary external services into the supply chain. We have seen how damaging this can be if vulnerabilities are exploited, for example with the MoveIT breach in June of this year. The other consideration is that these software products and services cannot always integrate seamlessly with workflows or existing platforms, causing friction in the user experience. This could have an impact on decision-making and wait times, which could be detrimental to patient care.
There is a misconception that we have to accept the limitations in email clients. Transformation means reimagining the way we perceive and interact with those services. That starts with investing in smart solutions that leverage technologies such as AI and Machine Learning to understand patterns of behaviour and enable users to make better choices, while also providing enhanced privacy features. Adding more functionality and layers of security should not create barriers to adoption. In fact, it gives clinicians the confidence to communicate effectively while reassuring patients that their data is in safe hands in a resilient network infrastructure.
Balancing transformation and security
The NHS carries a great amount of responsibility on its shoulders. While the priority should be about delivering care, we cannot overstate the importance of safeguarding patient data, and it requires change from all sides. While there has been significant money spent on cybersecurity to stop hackers getting in, we need a level of investment to stop data getting out. That boils down to providing all staff with the guardrails they need to make better choices, and patients having faith that their most sensitive data is respected and protected in maintaining public trust.